Apache · Apache Superset · CVE-2024-53949
Name of the Vulnerable Software and Affected Versions:
Apache Superset versions 2.0.0 through 4.1.0
Description:
The issue is an improper authorization check in the FAB ADD SECURITY API component of Apache Superset, which allows lower-privileged users to call this API. A remote attacker could potentially use it to elevate their privileges. The issue affects Apache Superset versions prior to 4.1.0.
Recommendations:
For Apache Superset versions 2.0.0 through 4.0.0, upgrade to version 4.1.0, which fixes the issue.
For Apache Superset versions prior to 2.0.0, no newer version containing a fix for this vulnerability has been identified.
As a temporary workaround, consider disabling the FAB ADD SECURITY API component until a patch is available.
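A configuration audit for the affected range and the workaround described above. This is an added example, not part of the advisory or of Superset's own code; it assumes the component is toggled by the `FAB_ADD_SECURITY_API` key in `superset_config.py` (the Flask-AppBuilder setting Superset exposes) and that the key is off when absent, and it uses the affected range as the Recommendations state it (2.0.0 up to, but not including, the fixed release 4.1.0).

```python
import ast
import re

# Affected range as the Recommendations state it: 2.0.0 up to, but not
# including, 4.1.0 (the release that fixes the issue).
AFFECTED_MIN = (2, 0, 0)
FIXED_IN = (4, 1, 0)

# Constructed sample superset_config.py contents (not a real deployment).
WEAK_CONFIG = '''
SECRET_KEY = "placeholder-not-a-real-key"
FAB_ADD_SECURITY_API = True    # weak: exposes the affected API
'''
HARDENED_CONFIG = '''
SECRET_KEY = "placeholder-not-a-real-key"
FAB_ADD_SECURITY_API = False   # workaround from the advisory
'''


def parse_version(version: str) -> tuple:
    """'4.0.2' -> (4, 0, 2). Ignores pre-release suffixes such as 'rc1'."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def version_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def security_api_enabled(config_source: str) -> bool:
    """Statically read FAB_ADD_SECURITY_API from config source text.

    The last top-level assignment wins. A missing key is treated as False
    (assumption: that is the default Superset ships with).
    """
    enabled = False
    for node in ast.parse(config_source).body:
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "FAB_ADD_SECURITY_API" in names and isinstance(node.value, ast.Constant):
            enabled = bool(node.value.value)
    return enabled


def assess(version: str, config_source: str) -> str:
    """Classify a deployment: 'not-affected', 'workaround-applied' or 'exposed'."""
    if not version_affected(version):
        return "not-affected"
    if not security_api_enabled(config_source):
        return "workaround-applied"
    return "exposed"
```

Run `assess()` against the real version string and the contents of the deployed `superset_config.py`; only "exposed" deployments need the workaround before upgrading.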